(57) Abstract

A set of Diffie-Hellman data encryption values is generated prior to receiving a request for the data encryption values. The data encryption values are then stored in a database. The generating and storing steps are performed repeatedly, thus creating a stored table of data encryption values in the database. When a new user calls to activate a mobile station, a cellular network can select from among the precalculated Diffie-Hellman data encryption values and immediately transmit the values to the mobile station.
TITLE: IMPROVED GENERATION OF ENCRYPTION KEY

FIELD OF THE INVENTION : 

The invention relates to data encryption technology and specifically to a process for generating data encryption values used in the activation of a new mobile station on a cellular network.

BACKGROUND OF THE INVENTION : 

Systems for activating new users on cellular telephones or mobile stations to a cellular network have been in use for some time. The activation process includes storing customer billing information on the cellular network, and storing shared secret data on both the mobile station and the cellular network. The shared secret data includes a telephone number of the mobile station, information for identifying the manufacturer and serial number of the mobile station, and an authentication key (A-key) used to encrypt data sent between the mobile station and the cellular network. Encrypted data may include both voice and data.

The presence of shared secret data on a mobile station and a cellular network allows sophisticated bi-directional verification techniques to be implemented for authentication of the mobile station to the cellular network in subsequent uses. The bi-directional verification techniques aid in limiting practices of Radio Frequency (RF) eavesdropping for the purpose of gaining unauthorized access to the cellular network with charges being fraudulently billed to an authorized subscriber.

A well-known method for activating a mobile station to a cellular network is over-the-air activation teleservice (OATS) and is described in the Telecommunication Industries Association (TIA) standard document number: IS 136. OATS uses a secure method to generate an A-key in both a mobile station and a cellular network known as the Diffie-Hellman method.

The OATS process commences with a telephone call from a user at a mobile station to a customer service representative for a cellular network. In response to the call from the user, an authentication center at the cellular network begins to generate Diffie-Hellman data encryption values. The data encryption values take several minutes to generate due to rigorous statistical requirements, while the user remains on the phone with a customer service representative. Waiting for the generation of Diffie-Hellman data encryption values causes inconvenience to the user and impairs the ability of a cellular network to activate new users.

SUMMARY OF THE INVENTION : 

The present disclosure provides a method for creating a plurality of Diffie-Hellman data encryption values for subsequent transmission. A set of data encryption values is generated prior to receiving a request for the data encryption values. The data encryption values include at least one value from the group consisting of a public modulus value N, a secret key y, and a primitive element g. The data encryption values are then stored in a database. The generating and storing steps may be performed repeatedly, thus creating a stored table of data encryption values in the database.

This process is used in a cellular network to implement over the air activation. When a new user calls to activate a mobile station, the cellular network can select from among precalculated Diffie-Hellman data encryption values already available and immediately transmit the values to the mobile station. This process greatly reduces the time required for activation, and therefore the burden on the new user and the cellular network provider.

BRIEF DESCRIPTION OF THE DRAWINGS : 

These and other objects, features, and advantages will become more fully appreciated with reference to the accompanying drawings.

Fig. 1 is a block diagram of a widely known and used cellular network configuration and its interaction with a mobile station.

Fig. 2 is a block diagram of an embodiment of a mobile station, a base station, and an authentication center.

Fig. 3 is a flow diagram of a prior art method of generating Diffie-Hellman encryption parameters for OATS.

Fig. 4 is a flow diagram of a method of the invention showing independent generation of Diffie-Hellman encryption parameters for OATS.

DETAILED DESCRIPTION OF THE INVENTION : 

Fig. 1 depicts a block diagram of a widely known and used cellular network configuration and its interaction with a mobile station 10. A cellular network 12 has a mobile switching center 14, which may be coupled to other mobile switching centers 14 (not shown), and which is also coupled to one or more base stations 16, a home location register 18, a customer service center 20, an authentication center 22, a public switched telephone network (PSTN) 24 and an integrated subscribers digital network (ISDN) 26.

One or more mobile stations 10 interact with the cellular network by transmitting signals to and receiving signals from the base stations 16. When the mobile station 10 is in use, it transmits signals to and receives signals from a current base station 16, typically the base station closest to the mobile station 10. As the mobile station 10 moves away from the current base station 16, the current base station 16 may "hand off" the mobile station 10 to another base station 16 which has become closest to the mobile station 10.

The mobile switching center 14 switches calls originating from and terminating at a mobile station 10 to a variety of other media, including to other mobile switching centers 14, to a PSTN 24, and to an ISDN 26. The home location register 18 identifies a mobile station 10 and indicates the part of the country in which the mobile station 10 is presently or is normally located. The authentication center 22 manages A-keys associated with each mobile station 10 for the purpose of encrypting transmissions between each mobile station 10 and the cellular network 12. Furthermore, during activation of the mobile station 10, the authentication center 22 may also generate data encryption values for transmission to a mobile station 10, and process data encryption values received from the mobile station 10 for the purposes of generating an A-key for use in subsequent transmissions.

Fig. 2 shows a simplified view of a mobile station 10, an authentication center 22, and a base station 16 of the cellular network 12, and illustrates an embodiment used to perform activation of a new mobile station 10. The mobile station 10 has a microprocessor stage 28 coupled to a memory 30, a data input and output (I/O) source 32, a radio frequency (RF) stage 34 and an encoding block 36. The microprocessor stage 28 at the mobile station 10 interacts with the other functional blocks, processes data, and executes software program instructions which enable the mobile station 10 to operate. The microprocessor stage 28 at the mobile station 10 may also generate random numbers and data encryption values used in the activation and data encryption process. The memory 30 may include random access memory (RAM), read only memory (ROM) and programmable read only memory (PROM). The ROM or PROM may be used to permanently store data about the mobile station, including information to identify the manufacturer and serial number of the mobile station, the telephone number of the mobile station, and the A-key of the mobile station. The data input and output source 36 allows the user to place calls, receive messages regarding the transmission of phone calls, as well as to receive and transmit voice and other data. The encoding block 36 performs data encryption. The RF stage 34 transmits data from and receives data for the mobile station 10.

A simplified embodiment of an authentication center 22 is also depicted in Fig. 2. The base station 16 of the cellular network 12 also has an RF stage 37, which receives data from and transmits data to mobile stations 10. The RF stage 37 of the base station 16 is coupled to the authentication center 22, which includes a microprocessor stage 38, a memory 40, an encoding block 42, a database 44, and a data input and output (I/O) source 46. The RF stage 37 may not be directly connected to the authentication center 22, but rather may be coupled to the authentication center 22 through a wired network, another RF stage, through another cellular network component, or any combination thereof.

The microprocessor stage 38 executes program instructions and processes data which enables the authentication center 22 to interact with the other functional blocks and mobile stations 10, and to operate as required by the cellular network 12. The microprocessor stage 38 at the authentication center 22 may also generate Diffie-Hellman data encryption values required for activation of a mobile station 10 on the cellular network 12. The memory 40 is used to store data as required by the microprocessor 38. The encoding block 42 is used for encrypting data sent between the authentication center 22 and the mobile station 10. The database 44 is for storing information used in the process of authenticating and activating subscribers, which may include the telephone number of one or more mobile stations 10, information for identifying the manufacturer and the serial number of the mobile station 10, and the A-key associated with the mobile station 10. The database 44 may also be used to store a table of Diffie-Hellman data encryption values, which values are used in activating a mobile station 10 to a cellular network 12. The data input and output source 46 allows the authentication center 22 to interact with other parts of the cellular network 12 and also allows human interaction with the operation of the authentication center 22.

Fig. 3 shows a prior art method for activating a mobile station 10 on a cellular network 12 using the Diffie-Hellman method. In step 50, the authentication center 22 waits for a request for activation from a mobile station 10. When a request is received, the microprocessor stage 28 of the authentication center 22 begins to generate Diffie-Hellman data encryption values in step 52.

The generation of Diffie-Hellman data encryption values is time consuming because specific and rigorous rules are followed. In widely used embodiments, the authentication center 22 must generate a secret key y, a public modulus N, and a primitive element g.

The statistical requirements for the secret key y are that it be a 160-bit random number with the following statistical properties: y shall not be smaller than 4; all values y generated shall have a uniform statistical distribution over their range; all values y generated shall be statistically uncorrelated to the secret key generated for the same or different mobile stations 10; the numbers generated for different secret keys shall not be capable of derivation from the previously used numbers and/or mobile station indicator values; the numbers generated by different authentication centers 22 shall be statistically uncorrelated; and the authentication center 22 shall set the secret key y to the value of this random number.

The public modulus N must be a large prime number. Preferably, the public modulus N is at least a 768-bit prime number, as specified in TIA standard IS-136, with a maximum of 1024 bits, and having the following statistical properties: N shall be different for different mobile stations; all values of N shall have a uniform statistical distribution over their range; all values of N shall be statistically uncorrelated to other values of N for the same or different mobile stations 10; different values for N shall not be capable of derivation from any previously used numbers and/or mobile station indicator values; the numbers generated by different authentication centers 22 shall be statistically uncorrelated; (N-1)/2 should have a large prime factor; and the most significant bit of N should be equal to 1.

After generating the public modulus N, the secret key y, and the primitive element g, the microprocessor 38 must then generate a partial key Y based on the formula:

Y = g^y mod N   (Eq. #1)

Then, in step 54, the authentication center 22 transmits the public modulus N, the primitive element g, and the partial key Y to the mobile station 10 via the RF stage 37 of the base station 16.

The mobile station 10 receives N, g, and Y in step 56 and in step 58 the mobile station 10 generates a random number using the microprocessor stage 28 which becomes the secret key x. The mobile station 10 then calculates a partial key X in step 60 using the formula:

X = g^x mod N   (Eq. #2)

The mobile station 10 then transmits in step 62 the value X to the cellular network 12 via the RF stage of the mobile station 10. Then, in step 64 the cellular network 12 receives the partial key X. In step 66, both the mobile station 10 and the authentication center 22 calculate the A-key based on the formulas below:

A-key_MS = (Y)^x mod N = (g^y mod N)^x = g^(yx) mod N   (Eq. #3)

A-key_AC = (X)^y mod N = (g^x mod N)^y = g^(xy) mod N   (Eq. #4)
The A-key is then stored on the cellular network 12 and on the mobile station 10 and becomes the basis for encryption in subsequent transmissions between the cellular network 12 and the mobile station 10.

Fig. 4 illustrates a method of the present invention, which eliminates delay associated with the generation of Diffie-Hellman data encryption values. Rather than waiting for a user at a mobile station 10 to contact the cellular network 12 for activation, in step 70 the microprocessor 38 generates Diffie-Hellman data encryption values including a public modulus N, a primitive element g, and a secret key y. Once N, g, and y have been generated they are stored in the database 44 in step 72 for subsequent retrieval. Then, if the database 44 is full in step 74, or if some other condition as determined by the authentication center is reached, the generation of Diffie-Hellman data encryption values ceases. Otherwise, the method is repeated starting with step 70 in which the microprocessor 38 at the authentication center 22 generates another set of Diffie-Hellman data encryption values. In step 72, these values are stored on the database 44.

In this manner, a table of available sets of Diffie-Hellman data encryption values is stored on the database 44 for subsequent transmission to users at mobile stations 10 during activation. The table of data encryption values may vary depending on the implementation at the authentication center 22. Storing N, g, y, and Y or any combination of one or more of them would be advantageous. In a preferred embodiment of the invention, the table of stored values is as shown below:

N1, g1, Y1
N2, g2, Y2
N4, g4, Y4

In step 76, the authentication center 22 waits for a request for activation from a user. Upon receiving a request for activation in step 76, the authentication center 22 in step 78 selects a value from the database 44 of Diffie-Hellman data encryption values. The sets of Diffie-Hellman data encryption values may be selected randomly from the database, on a first-in first-out (FIFO) basis, or any other arbitrary selection scheme. Thus, the data encryption values are immediately available for use upon request. Then, depending on the Diffie-Hellman values stored in the database 44, the authentication center 22 may have to generate additional values. If N, g, and Y are stored in the database 44, the authentication center 22 does not need to generate any additional values. If N, g, and y are stored, the authentication center must first generate Y from equation number 1 given above. If either N, g, or both is not stored, the missing values must be generated. If neither Y nor y is stored, y must be generated and from it Y generated based on equation number 1 above. If y has been stored but not Y, Y must be generated from the stored value y based on equation number 1 above. Then in step 80, the data encryption values N, g, and Y are transmitted to the mobile station as part of generation of the A-key. Subsequently, method steps 56 through 66 shown in Fig. 3 may be performed to accomplish the activation.
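As an added illustration (not code from the application or any implementer of IS-136), the following Python simulates the Fig. 4 pool together with the modulus and secret-key rules given earlier: constructed toy safe primes stand in for the 768- to 1024-bit moduli, each stored set is consumed first-in first-out and erased on use so a secret y is never reused, and the A-keys of Eqs. #1 to #4 are checked to agree. The names TOY_SAFE_PRIMES, check_modulus, precompute, derive_a_keys and activate are my own.

```python
import secrets

# Constructed toy safe primes (N = 2q + 1 with q prime), so (N-1)/2 has a
# large prime factor as the modulus rules require. Real OATS moduli are
# 768- to 1024-bit primes; these small values only make the example run.
TOY_SAFE_PRIMES = (23, 47, 59, 83, 107, 167, 179, 227, 263, 347)


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def check_modulus(N: int) -> bool:
    """Public modulus rules: N prime and (N-1)/2 with a large prime factor,
    checked here in the strict form q = (N-1)/2 itself prime."""
    return N % 2 == 1 and is_prime(N) and is_prime((N - 1) // 2)


def find_primitive_element(N: int) -> int:
    """For a safe prime N = 2q + 1, g generates the whole group exactly
    when g^2 != 1 and g^q != 1 (mod N)."""
    q = (N - 1) // 2
    for g in range(2, N - 1):
        if pow(g, 2, N) != 1 and pow(g, q, N) != 1:
            return g
    raise ValueError("no primitive element found")


def precompute(pool: list, count: int, rng=None) -> None:
    """Steps 70-74 of Fig. 4: build (N, g, y, Y) sets before any request
    arrives and keep going until the table holds `count` entries."""
    rng = rng or secrets.SystemRandom()
    while len(pool) < count:
        N = rng.choice(TOY_SAFE_PRIMES)
        if not check_modulus(N):
            raise ValueError(f"modulus {N} fails the rules")
        g = find_primitive_element(N)
        # Secret key y: random and not smaller than 4. The real rule fixes
        # y at 160 bits; the toy draws it below N instead.
        y = rng.randrange(4, N - 1)
        Y = pow(g, y, N)            # Eq. #1, computed ahead of time
        pool.append((N, g, y, Y))


def derive_a_keys(N: int, g: int, y: int, x: int):
    """Eqs. #1 to #4: both partial keys and the A-key each side computes."""
    Y = pow(g, y, N)                # Eq. #1, authentication center
    X = pow(g, x, N)                # Eq. #2, mobile station
    key_ms = pow(Y, x, N)           # Eq. #3, mobile station side
    key_ac = pow(X, y, N)           # Eq. #4, authentication center side
    return Y, X, key_ms, key_ac


def activate(pool: list, rng=None):
    """Steps 76-80, then 56-66 of Fig. 3, with a simulated mobile station.
    The entry is taken first-in first-out and removed from the table so a
    secret y is never reused for a second activation (claim 13)."""
    rng = rng or secrets.SystemRandom()
    N, g, y, Y = pool.pop(0)        # FIFO selection; entry is consumed
    x = rng.randrange(4, N - 1)     # mobile station's secret, step 58
    X = pow(g, x, N)                # Eq. #2, sent back to the network
    key_ms = pow(Y, x, N)           # Eq. #3, from the transmitted Y
    key_ac = pow(X, y, N)           # Eq. #4, from the stored y
    return key_ms, key_ac
```

With N = 23, g = 5, y = 6 and x = 15, derive_a_keys returns Y = 8, X = 19 and both A-keys equal to 2, so the two sides agree without y or x ever crossing the air interface.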
Although specific embodiments of the invention have been disclosed, it will be understood by those having skill in the art that changes can be made to those specific embodiments without departing from the spirit and the scope of the invention.
CLAIMS :

What is claimed is: 

1. A process for creating a plurality of Diffie-Hellman data encryption values for subsequent transmission, the process comprising the steps of:

(a) generating a set of data encryption values, prior to receiving a request for said data encryption values, said set of data encryption values including at least one value from the group consisting of a public modulus value N, a secret key y, and a primitive element g; and

(b) storing said set of data encryption values in a database.

2. The process according to claim 1, wherein step (a) and step (b) are performed repeatedly, thus creating a stored table of sets of said data encryption values in said database.

3. The process according to claim 1, wherein:

step (a) further includes the step of calculating a partial key Y based on said public modulus N, said secret key y, and said primitive element g; and

step (b) includes the step of storing said public modulus N, said primitive element g, and said partial key Y.

4. The process according to claim 2, wherein said database is part of a cellular network.

5. The process according to claim 4, wherein said cellular network transmits data to and receives data from a mobile station, and wherein said process is used in over the air activation of said mobile station.
6. The process according to claim 4, wherein said cellular network transmits data to and receives data from a mobile station, and wherein the process further comprises the steps of:

(c) receiving a request for activation of said mobile station;

(d) selecting a current set of data encryption values from said database; and

(e) transmitting said current set of data encryption values from said cellular network to said mobile station.

7. The process according to claim 6, further comprising the step of generating a partial key Y based on said current set of data encryption values selected in step (e); and

wherein step (e) includes the step of transmitting said partial key Y from said cellular network to said mobile station.

8. The process according to claim 6, further comprising the steps of:

(f) receiving said current set of data encryption values from said cellular network at said mobile station;

(g) generating a secret value x at said mobile station;

(h) generating a partial key X based on said secret value x at said mobile station; and

(i) transmitting said partial key X from said mobile station to said cellular network.
9. The process according to claim 8, further comprising the step of:

(j) generating an A-key at said mobile station based on said secret key x and said current set of data encryption values.

10. The process according to claim 9, further comprising the steps of:

(k) receiving said partial key X at said cellular network; and

(l) generating an A-key at said cellular network based on said partial key X and said current set of data encryption values.

11. The process according to claim 10, further comprising the step of:

(m) comparing said A-key at said mobile station to said A-key at said cellular network.

12. The process according to claim 10, wherein said mobile station includes a memory, and wherein said A-key is stored in said memory in said mobile station and in said database in said cellular network for subsequent authentication of said mobile station to said cellular network.

13. The process according to claim 8, wherein said current set of data encryption values is erased from said database after said mobile station is authenticated to said cellular network.

14. An apparatus for precalculating Diffie-Hellman data encryption values, comprising:

a processor executing software instructions and generating Diffie-Hellman data encryption values prior to receiving a request for said data encryption values; and

a database coupled to said processor for storing said Diffie-Hellman data encryption values.

15. The apparatus according to claim 14, further comprising an encoding block, coupled to said processor, for encrypting data based on an A-Key.

16. The apparatus according to claim 14, further comprising a base station having an RF stage, coupled to said microprocessor, for transmitting said Diffie-Hellman data encryption values to a mobile station.